Overview
Explore the intricacies of cybersecurity team dynamics in this conference talk from Security Onion Conference 2018. Delve into the roles of Blue, Red, Purple, and White teams as Don Murdoch, known as @BlueTeamHB, breaks down key range terms and network concepts. Gain insights into the Regent's Range setup, including network layout and components, and discover various scenarios and use cases for Security Onion. Learn about BT3 client-side operations and how Snort detects Trojan behavior. Examine available open-source tools and techniques for packet analysis. Follow along as Murdoch guides you through a cybersecurity investigation, covering common tasks and actionable findings. Explore on-the-wire scenarios and the process of adding data sources. Compare different views of application usage to enhance your understanding of comprehensive security monitoring and response strategies.
Syllabus
Intro
Key Range Terms and Network
Regent's Range In a Nutshell
Range Network Layout and Components
Scenarios
Regent's Use Cases for Sec Onion
BT3 Client Side
Snort Picks up the Trojan Behavior
What FOSS tools are out there?
Pull out the Packet
Swanky!
The Investigation
Common Tasks
Taking Action on the Finding
On the Wire ... (slides follow)
Adding Data Sources - A Journey!
Two Different Views of Application Usage
Taught by
Security Onion